26 February 2017

In the early morning nautical twilight on a cold winter morning, thoughts about how the world is changing come into clarity. What do you believe in?

As the asymmetric threats seem to grow and our respective thoughts scan a vast Operational Risk landscape of people, processes, systems and external events, there is a mission worth pursuing. It is a mission that is uncertain, full of unexpected change and potential catastrophes.

The outcomes that you seek will not always materialize as you wish, yet that is to be expected. After all, what would an organization, state, region or country be like without any substantial changes, unexpected events or new challenges? You see, humans do not thrive in environments where behavior or events are 100% predictable.

We work best when there is a problem to solve, an environment or challenge that we can explore, conquer or adapt to in order to survive another day. It is this ability to explore, to test, to solve problems that sets us apart from the current state of "Artificial Intelligence", for now.

Now, pivot your thoughts to the current ecosystem of people you encounter on a daily basis. How does that environment change each day? What mechanisms do you have in place to mitigate the risks that could create negative consequences and outcomes? Think about all of the behaviors, tools and ways that you operate each day to deal with risks in your life.

The truth is, humans are curious and seek out risk. Even if you get to a place where there is a perception that no risks are present, that no risks are over the horizon, we will look for new adventure, new learning and ways to adapt to a new environment. So what really is the top priority for a parent, big brother/sister, manager, instructor, chief executive, commander or other organizational/constituent leader?

To create an environment of trust. In a place where people have the ability to create the rules, teach the rules and operate within the rules. Think about any environment where humans can't create the rules, or rely on the rules. Where they are not effectively communicated or where people don't follow the rules. Trust breaks down and uncertainty permeates our consciousness. The decisions to trust become questionable.

"Is there anyone in an organization who is absolutely irreplaceable? Probably not. But the most essential people are so difficult to replace, so risky to lose, and so valuable that they might as well be irreplaceable."

How many linchpins do you have on your team? Guess what? If everyone is so specialized, so vital and there is little or no backup and redundancy, you may have a single point of failure. This is why as a linchpin, you need to be continuously training and teaching to be replaceable. If you are not confident that you have done all you can do, to become replaced, then you as a linchpin have failed. Your resilience factor is zero.

Your tasks will create more redundant linchpins and you shall create a consistent and highly trusted environment, physical or virtual. A changing environment is inevitable. Achieve a culture where trust is paramount and where the team, class, cohort, company and community creates the rules, communicates the rules, enforces the rules and follows the rules.

We as curious humans seek out unpredictable places, full of risk, and simultaneously we wish the environment can be trusted? Yes, we do.

19 February 2017

The lifeblood of an organization is comprised of several key components to sustain and continuously grow the enterprise. Founders, senior management, engineers, financial and legal subject matter expertise usually come first. Then, once the minimum viable product or solution is ready for the intended market, there is a mad dash to add the sales and business development resources.

A startup mentality that initiates the planning, demand generation and "Go-to-Market" execution for the growth engine has higher Operational Risk exposure. Many founders and new entrepreneurs who have engineering or operational expertise underestimate the need for substantial growth engine investment early in the startup timeline.

How many times have you attended "Demo Days" or other such events intended for the startup founders to pitch their new App or service solution, begging for a first customer? You must recognize that the new Artificial Intelligence interface, the optimized algorithm or the faster encrypted communications is not going to create a new market overnight.

Entrepreneurs require a substantial immersion into the business environment of problem-solving. It begins with the customer or client who detects that there is an area of risk that needs remediation. How do you think companies like Symantec and McAfee first started? The personal computers that were becoming so pervasive were encountering something now called malware.

Solving problems from the customer's perspective requires a deep and focused process with the owners, operators and end users. It requires substantial time being embedded at the customer level or with the people who perform their daily tasks. You need to understand the risks that the customer is experiencing.

This "Diagnostic-to-Prescriptive" process is not new. Yet how many times have those "Demo Day" entrepreneurs or "Accelerator" graduates ended their pitch, with a plea for a first customer? This is a recipe for failure.

How can this be changed or addressed, in order to increase the number of successful new businesses? What should we be doing to assist these new entrepreneurs in embracing the "Operational Risks" of a customer and inventing a new solution to solve their problems?

The engineers and inventors should embrace the idea of finding customers first, who have real and risk-sensitive problems they can solve. It is not enough to just change an interface, reduce the pricing and copy an App to do the same general function. How long will it now take for Snap to begin building their own data centers and infrastructure?

Entrepreneurs who utilize the "Go-to-Market" strategy early in their growth cycle will simultaneously increase exposure to substantial Operational Risks. Take that great idea or new "Minimum Viable Product" to an established business in the industry sector you think is going to listen. Find the right business to adopt you as a problem-solver with this new solution and take the time to learn.

Once you have lived with the same problem across several different businesses, agencies or governments, it might be time to launch the "Go-to-Market" strategy for a single industry sector or country to start. The learning phase and early adoption of a multitude of business development processes will establish a more solid foundation for launching the new product / solution.

When you look at Snapchat and its growth cycle, it was not obvious up front how privacy was going to be such a tremendous risk to the business. How you can pivot quickly from understanding your customers' appetite for transparency, to also provide a robust privacy policy program, is just one way to build a trusted set of repeat customers.

Snapchat Transparency Reports are released twice a year. These reports provide important insight into the volume and nature of governmental requests for Snapchatters' account information and other legal notifications.

13 February 2017

The 2017 RSA Conference is set to launch this week in San Francisco. What is true? The state of asymmetric warfare across the globe is pervasive and nation states have been negotiating new rules of the game.

As you descend into the keynote sessions, absorb the content from your favorite track or walk the overwhelmed Expo halls, pause for a moment. Stop, look around and look at what you see. The ICT (Information, Communications & Technology) ecosystem is no longer a vertical.

The horizontal intrusion of smart devices, IoT and the rapid mobility sensor markets have created a juggernaut ecosystem. The startup communities across just the United States landscape have entrepreneurs sharing and automating parts of your daily life once thought unthinkable.

The Techstars of the next generation of commerce, understand the platform better than ever. Meanwhile, the same ambitious individuals with so much creativity are simultaneously in a battle for funding and market share.

A new generation of AI-driven inventions built on Voice Recognition is becoming the foundation for getting the information we need now: this second, not in a few minutes or even an hour from now. We want it now and we trust that it will be true.

There are some major themes that you will see and pick up on while attending RSA this year. Some established companies with a tenured legacy in the industry are even making a pivot. Look for how they are starting to craft the new narratives that will consume the marketing airwaves.

Expect plenty of talk about the ongoing ransomware scourge and threats against the Internet of Things (IoT) during RSA Conference 2017, which begins a week from today at the Moscone Center in San Francisco.

The conference will include 15 keynotes, including talks by RSA CTO Zulfikar Ramzan, Microsoft president Brad Smith, and Alphabet CEO Eric Schmidt. The popular cryptographers’ panel will feature Whitfield Diffie (of Diffie-Hellman-Merkle), Ronald Rivest and Adi Shamir (the R and S in RSA encryption), and Susan Landau (creator of Landau’s Algorithm). Paul Kocher, who figured out timing attacks against various RSA and DHM implementations, will moderate the panel.

With this in mind, now start to realize the places that have been behind the innovation curve: the small and even mega markets that have been slow to invent, or that work in such austere environments that the tech has not reached them yet. Start your new journey into these places to see how you can contribute, how you will be able to make a difference:

The Defense Innovation Initiative (DII) Exploring Ideas to Better Identify the “Art of the Possible” for National Security

The Defense Innovation Initiative (DII) is a Department-wide initiative to pursue innovative ways to sustain and advance the capabilities of the “force of the future.” The U.S. changed the security landscape in the 1970s and 1980s with networked precision strike, stealth and surveillance for conventional forces. Through the DII, the Department will identify a third offset strategy that puts the competitive advantage firmly in the hands of American power projection over the coming decades.

The future of RSA and our way of life for our interconnected nations, economies and daily consumption of the truth is at stake. We do have the ability to better cooperate, collaborate and communicate our paths forward. Yet it begins with a conversation in person, face-to-face to establish the emotional and behavioral ties to trustworthiness.

04 February 2017

As you walk into that next meeting with another co-worker or even a colleague for a coffee catch-up, pause and reflect. Think about how you could (1) make this encounter productive and (2) simultaneously enhance the relationship of trust.

All too often we are focused on getting something of value from the meeting. We are blinded by the purpose of the meeting or have preconceived ideas on how the time together will be of value, or a waste of time. Now think differently.

A true professional in any business, unit, agency or organization is there to "Build Trust". The day-to-day or hour-to-hour interactions you have with others are vital. A true professional in any domain, industry or vocation can aspire to a higher purpose than the normal roles of a stated job description.

One thing is certain when it comes to meeting with other people and the value or outcomes obtained: trust is a major factor in the future outcomes of the relationship. Have you ever wondered why certain people you meet take so long to trust you? How are you going to accomplish your intended purpose working with this superior or subordinate if they don't trust you? What about that new client or business partner?

At the most fundamental level, the trust gurus and authors have been writing about a spectrum of trust for eons:

Zero Trust >>>>> Trust Exists >>>>> Implicit Trust

From ground zero of your first encounters with another person, your goal is to move towards a point on the spectrum where "Trust Exists". Then your goal is to keep moving to the right and towards a place of "Implicit Trust". This is when you don't even think about it anymore. How many people do you know where this is the case, even within your own family?

So what?

As an Operational Risk professional, velocity is everything. Yet you already know that uncontrolled velocity alone can be fatal. The risk factors associated with business, government or the manufacturing process of a highly engineered electronic component are always present. Always changing. Creating new obstacles or new harm. In our current 24x7x365, pervasively connected society, the trust factors are even more important and vital to moving towards "Implicit Trust".

Here are a few examples in the news this past year, where Operational Risk Management (ORM) was a factor:

On 2 September 2016, Samsung suspended sales of the Galaxy Note 7 and announced an informal recall, after it was found that a manufacturing defect in the phones' batteries had caused some of them to generate excessive heat, resulting in fires and explosions. A formal U.S. recall was announced on 15 September 2016.

When Yahoo said on Thursday that data from at least 500 million user accounts had been hacked, it wasn't just admitting to a huge failing in data security -- it was admitting to the biggest hack the world has ever seen.

Until Thursday, the previous largest known hack was the 2008 breach that hit almost 360 million MySpace accounts, according to a ranking by the "Have I been pwned" website. Like the Yahoo breach, the hack was only publicly disclosed this year after data was offered on a hacker forum.

Attorney General Loretta E. Lynch and Department of Health and Human Services (HHS) Secretary Sylvia Mathews Burwell announced today an unprecedented nationwide sweep led by the Medicare Fraud Strike Force in 36 federal districts, resulting in criminal and civil charges against 301 individuals, including 61 doctors, nurses and other licensed medical professionals, for their alleged participation in health care fraud schemes involving approximately $900 million in false billings.

A federal contractor suspected in the leak of powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the U.S. government, according to court records and U.S. officials familiar with the case.

In each one of these few example cases, relationships between people started with a meeting encounter. Over time, the product, service or personal relationship outcomes involved a failure of people, processes, systems or external events. These are the core components of Operational Risk Management (ORM).

Raising the level of trust across personal, business or government encounters is only possible with effective "TrustDecisions". The Decisions to Trust another person, product or service have several elements. These are vital for the mission to grow towards "Implicit Trust", simultaneously with the safety and security necessary to reduce the risk of failure.

The Mission

The mission as a co-founder of a new startup or the CEO of a Global 500 is to ensure the survival of the organization. We all know the failure rate for new companies. Just ask Dun & Bradstreet for the statistics or even your local Venture Capitalist who is celebrating failures these days. So beyond just the survival of the organization, is the imperative to establish a cultural and operating environment where people feel encouraged, creative and unencumbered to fulfill their job requirements and goals.

The Take Away

Operational Risks are inherent in any new or established business endeavor. The earlier the Operational Risk Management (ORM) design begins in the trusted relationship evolution, the more resilient you will ultimately become. The framework of the system-of-systems, the look and feel of the cultural environment and the end state visions are all at stake. Take the time and include the expertise to work on the "TrustDecisions" foundation of your enterprise.

Ensure the survivability of the new products or service solutions that are so valuable to our economy and our nation. Embrace Operational Risk Management early in your relationships and allow its presence while it preserves all that you have worked for and dreamed of...

About

Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institution's activities.

"The Only Thing Necessary For Evil To Triumph Is For Good Men To Do Nothing." --E. Burke